Every now and then, security researchers come across a server used by hackers to store stolen account credentials. The latest instance of this has been flagged by Daniel Chechik and Anat (Fox) Davidi of Trustwave's SpiderLabs, who have discovered a stash of login credentials for nearly two million online accounts.

“Another interesting item on the list is the payroll service provider adp.com. It is only natural to have such domains in the mix, but it is surprising to see it ranked #9 on the top domains list. Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions,” the researchers pointed out.

The server in question hosts a botnet controller app dubbed Pony.

At first glance, an overwhelming number of these account credentials seem to have been collected from machines on IP addresses in the Netherlands, followed by a couple of thousand combinations each from Thailand, Germany and Singapore, and even fewer from a wide variety of countries around the globe.

But, a closer look at the IP log files showed that “most of the entries from NL IP range are in fact a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well.”

"This technique of using a reverse proxy is commonly used by attackers in order to prevent the Command-and-Control server from being discovered and shut down--outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down," the researchers explained, adding that, unfortunately, an ad-hoc analysis of the stolen passwords revealed what we already know: that many, many users keep using easy-to-guess passwords such as "123456", "password", "admin", "111111", and similar.

Compared to a similar analysis from seven years ago, they also discovered that, yes, people are choosing longer passwords (but not necessarily more complex ones), yet a greater percentage uses the aforementioned "easy" passwords. In fact, that percentage has almost tripled.
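As an added illustration (not code from the Trustwave researchers or the article), here is a small script that performs the kind of dump triage described above: ranking the domains that appear most often and measuring how large a share of the passwords come from the usual easy-to-guess list, run over a constructed sample rather than real leaked data.

```python
from collections import Counter
from statistics import median

# Constructed sample of "email:password" lines (not real leaked data)
SAMPLE_DUMP = """\
alice@example.com:123456
bob@example.com:password
carol@example.org:S3cure!Passphrase2013
dave@example.org:admin
erin@example.net:111111
frank@example.com:correct horse battery
grace@example.net:123456
heidi@example.org:Tr0ub4dor&3
"""

# Passwords the article names as the usual suspects, plus a few obvious variants
COMMON_WEAK = {"123456", "password", "admin", "111111", "12345678", "qwerty"}


def parse_dump(text):
    """Yield (domain, password) pairs; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        user, sep, pwd = line.partition(":")
        if not sep or "@" not in user:
            continue
        yield user.rsplit("@", 1)[1].lower(), pwd


def triage(text, weak=COMMON_WEAK, top_n=3):
    """Summarise a dump: which domains are most exposed, how weak the passwords are."""
    domains, pwds = Counter(), []
    for domain, pwd in parse_dump(text):
        domains[domain] += 1
        pwds.append(pwd)
    total = len(pwds)
    weak_hits = sum(1 for p in pwds if p.lower() in weak)
    return {
        "total": total,
        "top_domains": domains.most_common(top_n),
        "weak_share": round(100 * weak_hits / total, 1) if total else 0.0,
        "median_length": median(len(p) for p in pwds) if pwds else 0,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_DUMP))
```

The same function runs unchanged over a real dump file's contents, which is what an incident responder would do to decide which domains to notify first.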
